Update to 2.0.14

Packaging changes: add patch to work around calling mkostemp with
invalid flags.

Upstream changes:

  Bug fixes

  Fix for CVE-2016-8606.  REPL server now protects against HTTP
  inter-protocol attacks

  Fix for CVE-2016-8605.  'mkdir' procedure no longer calls umask(2)
  (<http://bugs.gnu.org/24659>)

  New interface mkstemp! which takes optional "mode" argument

  New 'scm_to_uintptr_t' and 'scm_from_uintptr_t' C functions

3 files changed, 37 insertions, 9 deletions

diff --git a/lang/guile20/Makefile b/lang/guile20/Makefile
index 38e52b95ab0..5f9159811fc 100644
--- a/lang/guile20/Makefile
+++ b/lang/guile20/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.8 2016/12/07 19:05:47 maya Exp $
+# $NetBSD: Makefile,v 1.9 2017/02/20 20:01:45 gdt Exp $
 
-DISTNAME=	guile-2.0.12
+DISTNAME=	guile-2.0.14
 PKGNAME=	${DISTNAME:S/guile/guile20/}
-PKGREVISION=	2
 CATEGORIES=	lang
 MASTER_SITES=	ftp://ftp.gnu.org/gnu/guile/
 
@@ -51,7 +50,7 @@ SUBST_MESSAGE.tools=	Fixing path to pkg-config in installed file.
 OPSYSVARS+=		GUILE_LIBNAME
 GUILE_LIBNAME.Darwin=	a
 GUILE_LIBNAME.FreeBSD=	so.30
-GUILE_LIBNAME.*=	so.22.8.0
+GUILE_LIBNAME.*=	so.22.8.1
 
 PLIST_SUBST+=		GUILE_LIBNAME=${GUILE_LIBNAME}
 PRINT_PLIST_AWK+=	{gsub(/${GUILE_LIBNAME}/, "$${GUILE_LIBNAME}");}
diff --git a/lang/guile20/distinfo b/lang/guile20/distinfo
index ff1662390ce..4f45a169ac7 100644
--- a/lang/guile20/distinfo
+++ b/lang/guile20/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.5 2016/12/03 03:15:33 marino Exp $
+$NetBSD: distinfo,v 1.6 2017/02/20 20:01:45 gdt Exp $
 
-SHA1 (guile-2.0.12.tar.gz) = 51eeedadb1e12be2b728afca0a8685f69cf55f04
-RMD160 (guile-2.0.12.tar.gz) = 2967ee3a3214d1dd6f901539cf963dd2388589e6
-SHA512 (guile-2.0.12.tar.gz) = 638562b18bca8f5192ea116f89de5802c1193440c6394bbc2aad873a5b897dc9a2a05f05208c089437626d25ea4ab016bea56feb04a8cdea26d7e495cd5b3a7b
-Size (guile-2.0.12.tar.gz) = 7421088 bytes
+SHA1 (guile-2.0.14.tar.gz) = fd04a4973715b8c4cd6c03a97e08d7f2c3c2bd68
+RMD160 (guile-2.0.14.tar.gz) = 754aaf1bf3c6bed9afdde49c5154b87047408a1e
+SHA512 (guile-2.0.14.tar.gz) = d69c9bdf589fedcc227f3203012f6ed11c327cef3a0147d8e016fe276abecdb4272625efe1d0c7aa68219fe8f29bbced44089a4b479e4eafe01976c6b2b83633
+Size (guile-2.0.14.tar.gz) = 7823099 bytes
 SHA1 (patch-lib_signal.in.h) = a5ddf019ed1e33b9f5b9994d1368be88660684a5
+SHA1 (patch-libguile_filesys.c) = 7f79ab55cd9d3655b8f3352171c89289d685be85
 SHA1 (patch-libguile_stime.c) = a817e58e4ec05ad040a11ccdaacca53511ad0ad8
 SHA1 (patch-libguile_threads.c) = 6250af1130fb8a6f22db4ba04c9f70bc6c9f0ade
diff --git a/lang/guile20/patches/patch-libguile_filesys.c b/lang/guile20/patches/patch-libguile_filesys.c
new file mode 100644
index 00000000000..225accfd7f6
--- /dev/null
+++ b/lang/guile20/patches/patch-libguile_filesys.c
@@ -0,0 +1,28 @@
+$NetBSD: patch-libguile_filesys.c,v 1.1 2017/02/20 20:01:45 gdt Exp $
+
+When using mkostemp (an interface not defined by POSIX), restrict
+flags to the set defined by the documentation of particular operating
+systems.
+
+See https://debbugs.gnu.org/cgi/bugreport.cgi?bug=24862#23 for discussion.
+
+This patch has not yet been sent upstream.
+
+--- libguile/filesys.c.orig	2016-12-15 00:03:33.000000000 +0000
++++ libguile/filesys.c
+@@ -1486,6 +1486,15 @@ SCM_DEFINE (scm_i_mkstemp, "mkstemp!", 1
+       mode_bits = scm_i_mode_bits (mode);
+     }
+ 
++#ifdef APPLE
++  /* https://debbugs.gnu.org/cgi/bugreport.cgi?bug=24862#23 */
++  open_flags &= O_APPEND|O_SHLOCK|O_EXLOCK|O_CLOEXEC;
++#endif
++#ifdef __NetBSD__
++  /* Restrict to list of flags documented in man page. */
++  open_flags = O_APPEND|O_DIRECT|O_SHLOCK|O_EXLOCK|O_SYNC|O_CLOEXEC;
++#endif
++
+   SCM_SYSCALL (rv = mkostemp (c_tmpl, open_flags));
+   if (rv == -1)
+     SCM_SYSERROR;